US-CERT Vulnerability Notes Database

Vulnerability Note VU#247545

Protegrity Secure.Data for Microsoft SQL Server 2000 contains buffer overflows in extended stored procedures

Overview

Protegrity Secure.Data for Microsoft SQL Server 2000 includes several extended stored procedures that contain buffer overflow vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code, gain access to databases, or cause a denial of service.

I. Description

Protegrity Secure.Data for Microsoft SQL Server 2000 provides access control and encryption for individual data records. Secure.Data interacts with Microsoft SQL Server via extended stored procedures that are part of the Secure.Data Extension Feature (SEF). From Microsoft Knowledge Base Article 190987: "Extended stored procedures provide a way to dynamically load and execute a function within a dynamic-link library (DLL) in a manner similar to that of a stored procedure, seamlessly extending SQL Server functionality." Extended stored procedures execute under the security context and in the process space of SQL Server. By default, the SQL Server 2000 service runs as a Windows domain user.

Several extended stored procedures (xp_pty_checkusers, xp_pty_insert, and xp_pty_select) included as part of the SEF contain buffer overflow vulnerabilities. These extended stored procedures could be exploited by specially crafted SQL commands.

II. Impact

A remote attacker could execute arbitrary code with the privileges of the SQL Server process or cause a denial of service. This could give an attacker full access to databases stored on a vulnerable system.

III. Solution

Upgrade

Protegrity has issued an updated version of protegrity.dll (2.2.3.9) that resolves these vulnerabilities.

Restrict Access

Using firewall or similar technology, restrict direct access to SQL servers to only those hosts and networks that require it. By default, SQL Server 2000 listens on port 1433/tcp. Named/clustered SQL instances may require special configuration. See Microsoft Knowledge Base Article 287932 for more information. Note that this will only limit the possible sources of attacks.
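
The following T-SQL inventory is an added example, not part of the original note or of Protegrity's documentation. It lists which of the three extended stored procedures named above are registered on a SQL Server 2000 instance, the DLL each one loads (the file whose version should be compared with 2.2.3.9), and which database users hold EXECUTE on them. It assumes the SQL Server 2000 system tables in master (sysobjects, syscomments, sysprotects) and a login permitted to read them.

```sql
-- Added example for SQL Server 2000. Extended stored procedures are
-- registered in master, so the inventory runs there.
USE master
GO

-- 1. Which of the procedures named in VU#247545 are registered, and which
--    DLL does each load? For xtype = 'X' objects SQL Server 2000 keeps the
--    DLL name in syscomments.text; EXEC sp_helpextendedproc '<name>'
--    reports the same value for a single procedure.
SELECT o.name                    AS xproc,
       SUBSTRING(c.text, 1, 255) AS dll,
       o.crdate                  AS registered_on
FROM dbo.sysobjects o
LEFT JOIN dbo.syscomments c ON c.id = o.id
WHERE o.xtype = 'X'
  AND o.name IN ('xp_pty_checkusers', 'xp_pty_insert', 'xp_pty_select')
ORDER BY o.name

-- 2. Which users or roles have been granted EXECUTE on them?
--    sysprotects.action 224 is EXECUTE; protecttype 205 is GRANT and 204 is
--    GRANT WITH GRANT OPTION. Members of sysadmin do not appear here
--    because they bypass permission checks.
SELECT o.name           AS xproc,
       USER_NAME(p.uid) AS grantee,
       p.protecttype,
       CASE p.protecttype
            WHEN 204 THEN 'GRANT WITH GRANT OPTION'
            WHEN 205 THEN 'GRANT'
            ELSE 'not a grant'
       END              AS permission
FROM dbo.sysprotects p
JOIN dbo.sysobjects o ON o.id = p.id
WHERE o.xtype = 'X'
  AND o.name IN ('xp_pty_checkusers', 'xp_pty_insert', 'xp_pty_select')
  AND p.action = 224
ORDER BY o.name, grantee
GO
```

An empty first result set means none of the three procedures is registered on that instance; a grantee of public in the second means every database user in master can call the procedure.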

Systems Affected

Vendor        Status        Date Notified    Date Updated
Protegrity    Vulnerable    13-Mar-2003

References


http://www.protegrity.com/The_Secure.Data_Suite.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;287932
http://support.microsoft.com/default.aspx?scid=kb;en-us;243428
http://support.microsoft.com/default.aspx?scid=kb;EN-US;190987
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/odssql/ods_6_con_00_6p9v.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/odssql/ods_6_con_01_9rxv.asp

Credit

This vulnerability was reported by <protegritysecvuln@yahoo.com>.

This document was written by Art Manion.

Other Information

Date Public: 2003-03-13
Date First Published: 2003-03-13
Date Last Updated: 2003-03-13
CERT Advisory:
CVE-ID(s): CAN-2003-0030
NVD-ID(s): CAN-2003-0030
US-CERT Technical Alerts:
Metric: 7.52
Document Revision: 16

If you have feedback, comments, or additional information about this vulnerability, please send us email.
Copyright 2003 Carnegie Mellon University